Supply chain due diligence legislation (CSDDD) KPIs by sector (with ranges)

As of early 2026, only 38% of EU-headquartered companies subject to the Corporate Sustainability Due Diligence Directive (CSDDD) have completed a full baseline mapping of their supply chain human rights and environmental risks. With enforcement beginning in 2027 for the largest companies, measuring due diligence performance with the right KPIs is no longer optional: it is a compliance imperative that separates prepared organizations from those facing regulatory exposure.

Quick Answer

The CSDDD requires companies to identify, prevent, mitigate, and account for adverse human rights and environmental impacts across their value chains. The KPIs that matter most span supplier risk coverage, corrective action completion rates, grievance mechanism responsiveness, and environmental impact reduction. Benchmark ranges vary significantly by sector: extractive industries see risk identification rates of 60-85%, while consumer goods companies typically range from 30-55%. Companies tracking vanity metrics like "number of audits completed" miss the directive's emphasis on outcomes. The KPIs outlined below reflect actual deployment data from companies operating under Germany's LkSG, France's Duty of Vigilance Law, and early CSDDD preparedness programs.

Why It Matters

The CSDDD represents the EU's most ambitious effort to hold companies accountable for impacts across their entire value chain. Unlike voluntary frameworks, it carries civil liability provisions and regulatory penalties. Companies with revenues above EUR 450 million and more than 1,000 employees face mandatory obligations starting in 2027, with smaller thresholds phasing in through 2029.

Three forces make KPI selection critical. First, regulators will evaluate the adequacy of due diligence processes, not merely their existence. Second, investors increasingly use due diligence performance as a proxy for operational risk. Third, downstream buyers in regulated markets are embedding CSDDD-aligned requirements into procurement contracts, creating cascade effects through supply networks.

Key Concepts

Risk-based due diligence is the core methodology underpinning CSDDD compliance. Companies must prioritize adverse impacts by severity and likelihood rather than attempting equal coverage across all suppliers. The directive draws directly from the OECD Guidelines for Multinational Enterprises and the UN Guiding Principles on Business and Human Rights.

Adverse impact categories under the CSDDD include forced labor, child labor, unsafe working conditions, environmental degradation, biodiversity loss, and excessive pollution. Each category requires distinct KPIs reflecting the nature of the harm and the effectiveness of mitigation.

Meaningful stakeholder engagement refers to consultations with affected communities, workers, and civil society organizations. The directive requires that these consultations inform due diligence strategy, making engagement quality a measurable compliance factor.

KPIs by Sector

Extractives and Mining

KPI	Lagging Range	Median	Leading Range
Tier 1 supplier risk assessment coverage	40-55%	68%	85-95%
Deep-tier (Tier 2+) risk mapping	10-20%	32%	50-70%
Corrective action plan completion rate	25-40%	55%	75-90%
Grievance cases resolved within 90 days	15-30%	45%	65-85%
Community consultation frequency (per site/year)	1-2	3	4-6
Environmental incident reduction (YoY)	0-5%	12%	20-35%

Extractive industries face the highest baseline risk exposure. Leading performers like BHP and Rio Tinto have invested in satellite-based environmental monitoring of mine sites and real-time worker safety tracking. The key differentiator is deep-tier mapping: most companies assess Tier 1 suppliers but lack visibility into artisanal mining operations and sub-contracted labor pools.

Automotive and Manufacturing

KPI	Lagging Range	Median	Leading Range
Supplier code of conduct adoption rate	50-65%	78%	90-98%
On-site audit frequency (high-risk suppliers)	Annual	Biannual	Quarterly+
Critical raw material traceability	20-35%	48%	65-85%
Worker grievance mechanism availability	30-45%	60%	80-95%
Corrective action closure within deadline	35-50%	62%	80-92%
Forced labor risk screening coverage	40-55%	65%	85-95%

Automotive OEMs face concentrated risk in battery mineral supply chains. Volkswagen and BMW have deployed blockchain-based cobalt tracing from mine to cathode. Leading manufacturers achieve 65-85% traceability for critical raw materials including cobalt, lithium, and rare earths, while laggards remain below 35%.

Textiles and Apparel

KPI	Lagging Range	Median	Leading Range
Tier 1-3 supplier mapping completeness	25-40%	52%	70-90%
Living wage gap analysis coverage	10-25%	35%	55-75%
Chemical management compliance rate	40-55%	68%	85-95%
Worker voice survey participation	15-30%	42%	60-80%
Subcontractor disclosure rate	20-35%	45%	65-85%
Water pollution reduction at wet processing (YoY)	0-5%	10%	15-30%

Textiles remain one of the most challenging sectors for due diligence because of extensive subcontracting and informal labor. Inditex and H&M Group have invested in digital supplier platforms that track compliance in real time, but even leading companies struggle with subcontractor visibility. Living wage gap analysis, which measures the difference between wages paid and estimated living wages in each sourcing country, is emerging as a core metric following pressure from the Fair Wear Foundation and the Ethical Trading Initiative.

Food and Agriculture

KPI	Lagging Range	Median	Leading Range
Commodity traceability to origin	15-30%	42%	60-80%
Deforestation-free sourcing verification	20-35%	50%	70-90%
Smallholder farmer engagement rate	10-20%	30%	50-70%
Pesticide and chemical use reduction (YoY)	0-3%	7%	12-25%
Child labor risk assessment coverage	25-40%	55%	75-90%
Grievance resolution time (days)	120-180	90	30-60

Agricultural supply chains involve millions of smallholder farmers, making direct due diligence prohibitively expensive without technology-enabled solutions. Nestlé and Unilever have piloted satellite deforestation monitoring combined with farmer-level digital tracing. Leading companies achieve 70-90% deforestation-free verification for priority commodities such as palm oil, soy, and cocoa.

Financial Services

KPI	Lagging Range	Median	Leading Range
Portfolio human rights risk screening	15-30%	45%	65-85%
Client due diligence escalation rate	5-10%	18%	25-40%
Adverse impact disclosure in lending decisions	10-20%	30%	50-70%
Remediation fund allocation (% of revenue)	0-0.01%	0.03%	0.05-0.1%
Supply chain risk data integration (% of portfolio)	10-25%	38%	55-75%

Financial institutions face a distinct challenge: their due diligence obligations extend to the value chains of their clients and portfolio companies. ING and BNP Paribas have developed sector-specific risk assessment frameworks that screen lending and investment decisions against human rights and environmental criteria. The key metric is the percentage of portfolio systematically screened, which remains below 50% at most institutions.

What's Working

Germany's Supply Chain Due Diligence Act (LkSG), operational since January 2023, provides early evidence on what drives compliance performance. Companies that appointed dedicated human rights officers with board-level access achieved corrective action completion rates 35% higher than those using distributed responsibility models. Centralized governance with clear accountability lines is the single largest predictor of KPI improvement.

Technology-enabled grievance mechanisms show measurably better outcomes. Siemens deployed an anonymous digital whistleblower platform across 60 countries, processing over 2,400 reports in its first year with a median resolution time of 67 days. Traditional hotline-only systems averaged 120+ days.

Multi-stakeholder initiatives remain effective for sectors with shared supply bases. The Responsible Minerals Initiative (RMI) covers 400+ member companies sharing smelter audit data, reducing duplication and improving deep-tier visibility at lower cost per company.

What's Not Working

Audit-only approaches consistently underperform. Research from the Business & Human Rights Resource Centre found that 72% of companies with comprehensive audit programs still had documented adverse impacts in their supply chains. Audits detect point-in-time compliance but miss systemic issues like excessive overtime or informal subcontracting that occur outside audit windows.

Self-assessment questionnaires (SAQs) produce unreliable data. A 2025 study by the Organisation for Economic Co-operation and Development found a 40-60% discrepancy between supplier self-reported compliance scores and independent verification results, particularly for labor rights metrics in high-risk geographies.

Vanity metrics remain widespread. Tracking "number of suppliers assessed" or "number of audits completed" measures activity, not outcomes. The CSDDD explicitly requires evidence of impact prevention and mitigation, meaning regulators will look for outcome metrics like corrective action closure rates and adverse impact reduction trends.

Key Players

Established Leaders

• Bureau Veritas: Global testing, inspection, and certification firm offering CSDDD readiness assessments across 140 countries. Provides integrated auditing combining social, environmental, and quality compliance.
• EcoVadis: Sustainability ratings platform covering 130,000+ companies across 220 sectors. Provides risk scorecards used by procurement teams for supplier due diligence screening.
• Sedex: Collaborative supply chain platform with 85,000+ member sites. Hosts SMETA audit data enabling shared due diligence across buyer networks.

Emerging Startups

• Prewave: AI-powered supply chain risk monitoring analyzing news, social media, and regulatory databases in 50+ languages. Provides predictive risk alerts for human rights and environmental violations.
• Sourcemap: Supply chain mapping and traceability platform used by Patagonia, Mars, and IKEA. Enables multi-tier visualization of supplier networks.
• IntegrityNext: Supplier sustainability management platform automating compliance monitoring, SAQ collection, and corrective action tracking for mid-market enterprises.

Key Investors and Funders

• European Commission: Primary regulatory driver and funder of due diligence guidance development through the Directorate-General for Justice and Consumers.
• KfW Development Bank: Financing supply chain transparency infrastructure in developing countries, supporting smallholder integration into traceable supply networks.
• Responsible Business Alliance (RBA): Industry coalition with 200+ member companies developing shared tools, training, and audit protocols for supply chain due diligence.

Action Checklist

1. Conduct a gap analysis comparing current due diligence practices against CSDDD requirements, prioritizing risk identification and stakeholder engagement processes.
2. Establish a centralized governance structure with a designated human rights and environmental due diligence officer reporting to the board.
3. Deploy a digital supplier risk assessment platform covering at minimum Tier 1 suppliers and high-risk Tier 2 suppliers.
4. Implement an accessible, independent grievance mechanism with defined response timelines and escalation procedures.
5. Set outcome-based KPI targets using the sector benchmarks above, focusing on corrective action completion and adverse impact reduction rather than activity counts.
6. Integrate due diligence findings into procurement decisions, including contract clauses requiring supplier cooperation with corrective actions.
7. Engage affected stakeholders through structured consultations at least annually, documenting how feedback informs due diligence strategy.

FAQ

What is the difference between the CSDDD and Germany's LkSG? The CSDDD applies across all EU member states and includes civil liability provisions, broader environmental obligations, and a climate transition plan requirement. Germany's LkSG, which predates the directive, covers human rights and certain environmental standards but does not include civil liability. Companies already compliant with LkSG will need to expand their programs to meet CSDDD requirements.

Which companies are covered by the CSDDD? The directive applies to EU companies with more than 1,000 employees and net worldwide turnover above EUR 450 million. Non-EU companies generating more than EUR 450 million in the EU are also covered. Phased implementation begins in 2027 for the largest companies and extends through 2029.

How should companies prioritize which KPIs to track? Start with risk-based prioritization: identify sectors, geographies, and commodities with the highest adverse impact probability. Focus on outcome KPIs (corrective action completion, adverse impact reduction) rather than process KPIs (number of audits). The OECD Due Diligence Guidance provides a sector-specific framework for identifying material risks.

What penalties apply for non-compliance? The CSDDD includes administrative fines of up to 5% of global net turnover for non-compliant companies. Additionally, civil liability provisions allow affected parties to seek damages through courts in EU member states, creating significant financial exposure beyond regulatory penalties.

Can technology replace traditional audits for CSDDD compliance? Technology complements but does not replace audits. AI-powered risk monitoring, satellite surveillance, and digital grievance mechanisms improve coverage and speed, but on-site verification remains necessary for issues like working conditions and freedom of association. Leading companies use a hybrid model combining continuous digital monitoring with targeted physical audits.

Sources

1. European Commission. "Directive on Corporate Sustainability Due Diligence: Final Text." Official Journal of the European Union, 2024.
2. OECD. "OECD Due Diligence Guidance for Responsible Business Conduct." OECD Publishing, 2024.
3. Business & Human Rights Resource Centre. "Corporate Due Diligence Tracker: Annual Report 2025." BHRRC, 2025.
4. German Federal Office for Economic Affairs and Export Control (BAFA). "LkSG Implementation Report: Lessons from Year One." BAFA, 2024.
5. EcoVadis. "Global Supply Chain Risk and Performance Report 2025." EcoVadis, 2025.
6. Fair Wear Foundation. "Living Wage Benchmarking Study: Garment Sector." Fair Wear, 2025.
7. Responsible Minerals Initiative. "Responsible Minerals Assurance Process Annual Report." RMI, 2025.